  • Hackers use Google Ads to spread FatalRAT malware again

    Fake websites do not arouse even the slightest suspicion among gullible victims.

    Chinese speakers in East and Southeast Asia have been targeted by a new Google Ads scam that delivers remote access Trojans such as FatalRAT to compromised devices.

    According to a report released today by ESET, the attackers bought ad space to show phishing sites at the top of Google's search results. As a result, users who were trying to download popular programs downloaded malicious software to their computers instead.

    Here are just some of the programs the attackers impersonated to slip in malware: Google Chrome, Mozilla Firefox, Telegram, WhatsApp, LINE, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao and WPS Office.

    The websites and the installers downloaded from them were mostly in Chinese, which is funny, since some of the listed programs do not offer a Chinese localization at all. In general, the attackers definitely had something to interest their victims.

    The ad attacks mainly affected people in Taiwan, China and Hong Kong. To a lesser extent, users in Malaysia, Japan, the Philippines, Thailand, Singapore, Indonesia and Myanmar were also affected.

    FatalRAT, deployed after the installation of fake programs, gives the attacker full control over the victim's computer, including executing arbitrary command line commands, running files, collecting data from web browsers, and capturing keystrokes.

    “The attackers have put some effort into the domain names used for their websites, trying to be as similar to the official ones as possible. Fake websites in most cases are outwardly identical copies of legitimate sites,” said ESET representatives.

    ESET observed similar attacks between August 2022 and January 2023. Of course, by the time this news was published, the malicious Chinese advertising had already been removed.

    Recall that this is not the first time Google Ads has been used for phishing and the distribution of fake programs. Just in January we wrote about copies of websites of popular programs for home and office, as well as about a fake website of the BitWarden password manager.

    Such fraudulent tricks can be easily avoided by using ad blockers, which remove paid malicious sites from the top of search results. However, the usual care when checking a domain is also enough. After all, if you do not go to phishing sites, the probability of downloading malicious software from the Internet tends to zero.
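
One way to automate the domain check described above, as an added example that is not from the original article or from ESET: it compares a download URL's host with an allowlist of vendor domains and flags hosts that merely resemble a brand. The allowlist contents, the `classify` name, the 0.8 similarity threshold and the `.example` sample hosts are assumptions made for illustration, and only ASCII hostnames are handled.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Vendor domains for some of the impersonated programs (extend for your own list).
OFFICIAL = {"google.com", "mozilla.org", "telegram.org", "signal.org", "skype.com"}
# Brand strings a fake site is likely to imitate somewhere in its hostname.
BRANDS = {d.split(".")[0] for d in OFFICIAL} | {"chrome", "firefox"}
SIMILARITY = 0.8  # assumed threshold; tune against your own proxy or DNS logs


def classify(url):
    """Return 'official', 'lookalike' or 'unknown' for a download URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Match the whole host or a true subdomain. A bare suffix test would also
    # accept "notmozilla.org", and a substring test "mozilla.org.evil.example".
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Not an official host: look for a brand name, or a near miss of one,
    # in any dot- or hyphen-separated part of the hostname.
    for label in host.replace("-", ".").split("."):
        for brand in BRANDS:
            close = SequenceMatcher(None, brand, label).ratio() >= SIMILARITY
            if brand in label or close:
                return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs; the .example hosts are placeholders, not real indicators.
    samples = [
        "https://www.mozilla.org/firefox/download/",
        "https://telegraem.example/setup.exe",
        "https://signal-download.example/",
        "https://mozilla.org.downloads.example/firefox.msi",
        "https://www.python.org/",
    ]
    for sample in samples:
        print(f"{classify(sample):10} {sample}")
```

A `lookalike` verdict means the host needs review before anything is downloaded from it; legitimate hosts that contain a brand string but are missing from the allowlist will also land there.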

    Author DeepWeb